International Association for Cryptologic Research

# IACR News Central

You can also access the full news archive.

Further sources to find out about changes are CryptoDB, ePrint RSS, ePrint Web, Event calendar (iCal).

2013-06-20
12:17 [Pub][ePrint]

In this paper, we introduce *functional digital signatures*, *functional pseudorandom functions* and *pseudorandom functions with selective access*.

In a functional signature scheme, in addition to a master signing key that can be used to sign any message, there are *signing keys for a function* $f$, which allow one to sign any message in the range of $f$. An immediate application of functional signature schemes is delegation of the ability to sign a restricted set of messages by a master authority to a third party. We also show applications of functional signatures in constructing succinct non-interactive arguments and delegation schemes. We give several general constructions for this primitive based on different computational hardness assumptions, and describe the trade-offs between them in terms of the assumptions they require and the size of the signatures.

In a functional pseudorandom function, in addition to a master secret key that can be used to evaluate the pseudorandom function $F$ on any point in the domain, there are additional *secret keys for a function* $f$, which allow one to evaluate $F$ on any $y$ for which there exists an $x$ such that $f(x)=y$. This implies the ability to delegate keys per function $f$ for computing a pseudorandom function $F$ on points $y$ for which $f(y)=1$. Such functions imply *pseudorandom functions with selective access*: pseudorandom function families $F$ for which one may delegate keys per function $f$ for computing $F$ on points $y$ for which $f(y)=1$. We provide an example of a construction of a functional pseudorandom function for prefix-fixing functions.
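The prefix-fixing case is the one most easily made concrete: for $f_p(z) = p\,\|\,z$ the range of $f_p$ is every domain point whose leading bits equal $p$, and a tree-based (GGM-style) PRF yields a key for $f_p$ directly, namely the tree node sitting at prefix $p$. The block below is an added illustration of that idea and is not code from the paper; it assumes HMAC-SHA256 as the length-doubling PRG and a 32-bit domain, both toy choices for readability. It also shows the delegation property the abstract mentions: the holder of a prefix key can hand out keys for longer prefixes without ever seeing the master key, while evaluation outside the prefix is refused because the required tree nodes are simply not derivable.

```python
import hashlib
import hmac

N_BITS = 32  # domain {0,1}^32; kept small for illustration (assumption)


def _G(key: bytes, bit: int) -> bytes:
    """One half of a length-doubling PRG G(k) = G_0(k) || G_1(k),
    modelled by HMAC-SHA256 keyed with the node key (assumption)."""
    return hmac.new(key, bytes([bit]), hashlib.sha256).digest()


def _bits(x: int) -> list:
    """Big-endian bit decomposition of a domain point, MSB first."""
    if not 0 <= x < (1 << N_BITS):
        raise ValueError("point outside the PRF domain")
    return [(x >> (N_BITS - 1 - i)) & 1 for i in range(N_BITS)]


def master_eval(master_key: bytes, x: int) -> bytes:
    """F(master_key, x): walk the GGM tree from the root along the bits of x."""
    node = master_key
    for b in _bits(x):
        node = _G(node, b)
    return node


def delegate_prefix(key, prefix_bits) -> tuple:
    """Key for the prefix-fixing function f_p(z) = p || z.

    `key` is either the master key (bytes) or an already delegated
    (prefix, node) pair, so a delegate can re-delegate a longer prefix
    without holding the master key.  The result is (prefix, tree node at p)."""
    if isinstance(key, bytes):
        base_prefix, node = (), key
    else:
        base_prefix, node = key
    for b in prefix_bits:
        node = _G(node, b)
    return (tuple(base_prefix) + tuple(prefix_bits), node)


def in_range(fkey: tuple, x: int) -> bool:
    """True iff x is in the range of f_p, i.e. x starts with the prefix p."""
    prefix, _ = fkey
    return tuple(_bits(x)[:len(prefix)]) == prefix


def constrained_eval(fkey: tuple, x: int) -> bytes:
    """Evaluate F on x using only the prefix key; refuses points outside the prefix."""
    prefix, node = fkey
    if not in_range(fkey, x):
        raise PermissionError("point is not in the range of f_p; key cannot reach it")
    for b in _bits(x)[len(prefix):]:
        node = _G(node, b)
    return node


if __name__ == "__main__":
    mk = bytes(range(32))                       # constructed master key, not secret
    fk = delegate_prefix(mk, [1, 0, 1])         # key for all points starting 101...
    x = (0b101 << 29) | 12345
    print(constrained_eval(fk, x) == master_eval(mk, x))   # same value as the master key
    print(in_range(fk, (0b011 << 29) | 12345))             # False: outside the prefix
```

Each delegated key is exactly one 32-byte node, independent of how many points it covers, which is what makes per-prefix delegation cheap; the cost is paid instead in the description of the function class, since this construction only handles prefixes, not arbitrary $f$.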

12:17 [Pub][ePrint]

Recently, Khan et al. proposed an enhancement of a remote authentication scheme designed by Wang et al. which emphasizes the use of dynamic identity. They claim that their improvement can avoid the insider attack. However, we found that the scheme lacks the anonymity property. Moreover, R. Madhusudhan et al. indicate that their scheme also suffers from the insider attack. Due to these observations, in this paper we propose a novel scheme which not only anonymously authenticates the remote user using only two passes but also satisfies the ten requirements of an authentication scheme using smart cards mentioned by Liao et al.

06:28 [PhD][New]

Name: Enrico Thomae
Category: public-key cryptography

Description: The primary goal of this thesis is to evaluate the security of multivariate quadratic public key schemes. We investigate three main topics related to the security of MQ-schemes, namely the MQ-Problem, the IP-Problem and the MinRank-Problem.
Section 2 discusses the MQ-Problem, which relates to direct pre-image attacks using the public key, i.e. finding x for a given y with P(x) = y, which is known to be difficult in general. In section 2.1 we provide a brief survey on algorithms to solve such systems, like F4, F5, XL and MutantXL. We recap the complexity analysis of the first three algorithms and provide a detailed complexity analysis of the latter. Our contribution is a proof of theorem 2.7 which is hopefully simpler than that in [CKPS, Section 8]. Further, we derived theorem 2.29 and thus confirmed results from Yang and Chen [YC04a] in a different way.

In section 2.2 we present a new direct attack on the Unbalanced Oil and Vinegar signature scheme, which forces parameters to be raised in order to obtain the same security level again. More generally, we present an algorithm to solve underdetermined systems of MQ-equations faster than before.

Section 3 presents the main part of this work and is dedicated to algebraic key recovery attacks on MQ-schemes. Unfortunately, naive algebraic attacks are usually far from being efficient due to the large number of variables. So we first formalize the underlying class of problems and introduce the Isomorphism of Polynomials with partial Knowledge (IPpK) Problem in section 3.3. We relate this new problem to known problems, like the Isomorphism of Polynomials Problem with one and two secrets. Our main contribution is to provide a general algebraic framework to tackle the IPpK-Problem. Therefore we generalize the notion of equivalent keys to so-called good keys. In a nutshell, equivalent keys allow one to reduce the number of variables of an algebraic attack. Good keys further reduce the number of vari[...]
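To make the objects in sections 2.1 and 2.2 of the thesis description tangible, here is a toy Unbalanced Oil and Vinegar scheme written for this page (it is not code from the thesis). It shows the two faces of the MQ problem: a verifier who only has the public polynomials P faces "find x with P(x) = y", while the signer, who knows the central map F with its empty oil-oil block and the hiding map S, turns that into a linear system by fixing the vinegar variables. The field GF(31), the variable counts v = 6, o = 4 and the SHA-256-based hash-to-field are assumptions chosen for readability, far below any real parameter set and exactly the kind of parameters a direct attack as in section 2.2 forces upward.

```python
import hashlib
import random

Q = 31          # GF(31): toy field size for readability (assumption), not a real parameter
V, O = 6, 4     # vinegar and oil variable counts (assumption); the system has N = V + O unknowns
N = V + O


def matmul(A, B):
    return [[sum(A[i][k] * B[k][j] for k in range(len(B))) % Q
             for j in range(len(B[0]))] for i in range(len(A))]


def transpose(A):
    return [list(col) for col in zip(*A)]


def quad_eval(M, x):
    """x^T M x over GF(Q): one public polynomial P_k evaluated at x."""
    return sum(x[i] * M[i][j] * x[j] for i in range(N) for j in range(N)) % Q


def solve_mod_q(A, b):
    """Gauss-Jordan over GF(Q) for the square system A o = b; None if singular."""
    n = len(A)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for col in range(n):
        piv = next((r for r in range(col, n) if M[r][col] % Q), None)
        if piv is None:
            return None
        M[col], M[piv] = M[piv], M[col]
        inv = pow(M[col][col], -1, Q)
        M[col] = [(c * inv) % Q for c in M[col]]
        for r in range(n):
            if r != col and M[r][col]:
                f = M[r][col]
                M[r] = [(a - f * c) % Q for a, c in zip(M[r], M[col])]
    return [M[i][n] for i in range(n)]


def invert(S):
    """Inverse of an N x N matrix over GF(Q), column by column; None if singular."""
    cols = [solve_mod_q(S, [int(i == j) for i in range(N)]) for j in range(N)]
    return None if any(c is None for c in cols) else transpose(cols)


def keygen(rng):
    """Central map F: O upper-triangular quadratic forms whose oil-oil block is zero.
    Public key P_k = S^T A_k S hides that structure behind the secret linear map S."""
    F = []
    for _ in range(O):
        A = [[0] * N for _ in range(N)]
        for i in range(V):               # rows i >= V (oil x oil monomials) stay zero
            for j in range(i, N):
                A[i][j] = rng.randrange(Q)
        F.append(A)
    while True:
        S = [[rng.randrange(Q) for _ in range(N)] for _ in range(N)]
        S_inv = invert(S)
        if S_inv is not None:
            break
    P = [matmul(matmul(transpose(S), A), S) for A in F]
    return P, (F, S_inv)


def hash_to_field(msg):
    """Target y in GF(Q)^O derived from the message (toy, slightly biased; assumption)."""
    d = hashlib.sha256(msg).digest()
    return [d[k] % Q for k in range(O)]


def sign(sk, msg, rng):
    """Invert F on y = H(msg): fix the vinegar variables, which makes every f_k linear in
    the oil variables, solve that O x O system, then undo S. Retries if the system is singular."""
    F, S_inv = sk
    y = hash_to_field(msg)
    while True:
        v = [rng.randrange(Q) for _ in range(V)]
        rows, rhs = [], []
        for k, A in enumerate(F):
            const = sum(v[i] * A[i][j] * v[j] for i in range(V) for j in range(V)) % Q
            rows.append([sum(v[i] * A[i][j] for i in range(V)) % Q for j in range(V, N)])
            rhs.append((y[k] - const) % Q)
        o = solve_mod_q(rows, rhs)
        if o is not None:
            x_prime = v + o                       # a preimage of y under the central map F
            return [sum(S_inv[i][j] * x_prime[j] for j in range(N)) % Q for i in range(N)]


def verify(pk, msg, x):
    """Anyone can check P(x) = H(msg); producing x without sk is an MQ instance."""
    return [quad_eval(M, x) for M in pk] == hash_to_field(msg)


if __name__ == "__main__":
    rng = random.Random(2013)
    pk, sk = keygen(rng)
    sig = sign(sk, b"hello", rng)
    print(verify(pk, b"hello", sig), verify(pk, b"other", sig))
```

Note that the public key P contains oil-oil monomials in general, since S mixes the variables; the whole of section 3's key recovery question is whether an attacker can undo that mixing, i.e. find an equivalent or "good" key, from P alone.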

2013-06-19
06:17 [Forum]

Hello,

In case you want to follow up this forum - but not to poll it every other day, there are several options:

* RSS feed: http://eprint.iacr.org/forum/rss.php
* IACR News system (eMail, Twitter) via "Forum": http://www.iacr.org/news/

Best,
Christopher

From: 2013-19-06 04:56:53 (UTC)

2013-06-18
12:17 [Forum]

The problem with radical redesign is that it is hard to understand what change has caused which effect. I suggest that we as a community focus on one problem at a time. If we want to focus on multiple problems, maybe each conference should attack one at a time, so at least each variable can be tested separately.

Let's start with the problem of low quality reviews. Here is a modest initial proposal based on an economic model: Each review should have two components: (1) technical summary and feedback, and (2) subjective evaluation wholly supported by technical evaluation in (1). The technical summary should be presented to the authors before decisions are made, and the authors will rate reviews based on understanding. So will other PC members (anonymously). The results will be used to rate PC members and reviewers and provide them with tokens. PC members and reviewers will need to spend these tokens to get their papers published at top conferences in the future. The monetary system will need to be worked out, but we can let junior researchers borrow tokens from the central bank at the start of their careers so as not to harm their initial careers. But eventually everyone has to pay in quality reviews for papers that they want to publish.

These are initial thoughts and the proposal should certainly be refined to address potential abuses. For example, technical parts of the review should be devoid of all subjective opinions and hidden praise, so that the temptation to flatter the authors for earning tokens can be avoided. Also, probably feedback from authors of papers in the bottom 33% should not be counted towards awarding tokens.

Amit

From: 2013-18-06 09:28:41 (UTC)